HEA-NIDS: A Hybrid-Ensemble Anomaly Detection System for Mitigating Network Intrusions and DDoS Precursors in Cloud Storage Environments

doi:10.23940/ijpe.26.02.p3.7787

Abstract

Abstract:

Cloud infrastructures are becoming more vulnerable to complex attacks, such as the precursors of Distributed Denial of Service (DDoS) and misuse of insider privileges, which are hard to detect using traditional signature-based intrusion detection systems (IDS). This work presents HEA?NIDS, a Hybrid Ensemble?based Anomaly Detection System designed for dynamic cloud environments. A heap?ranking strategy was employed to select candidate classifiers, retaining the four most consistent models which were integrated into a dual?engine ensemble comprising stacking with a Random Forest meta?learner and soft voting for probability aggregation. The experiments with the NF-UQ-NIDS-v2 dataset, which consists of 76 million NetFlow records and 21 attack types, and stratified 10-fold cross-validation showed a high predictive performance of above 99 percent accuracy, false positive rate 0.0055, true positive rate 0.9898, and an AUC-ROC of approximately 1.0. The temporal drift will be addressed in future work, and adaptive retraining and multi-dataset validation will be used to make the model even stronger and bring it a step closer to the practical implementation.

Key words: cloud security, intrusion detection system (ids), machine learning, DDoS precursors, hybrid ensemble, privilege misuse

Callistus Tochukwu Ikwuazom, Francisca Nonyelum Ogwueleka, Mohammed Baba Hammawa, and Rajesh Prasad. HEA-NIDS: A Hybrid-Ensemble Anomaly Detection System for Mitigating Network Intrusions and DDoS Precursors in Cloud Storage Environments [J]. Int J Performability Eng, 2026, 22(2): 77-87.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References 24

[1]	Kirchoff D.F., Xavier M., Mastella J., and De Rose C.A., 2019. A preliminary study of machine learning workload prediction techniques for cloud applications. In 2019 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP), pp. 222-227.
[2]	Gupta S., Gupta A., and Shankar G., 2021. Cloud computing: services, deployment models and security challenges. In 2021 2nd International Conference on Smart Electronics and Communication (ICOSEC), pp. 414-418.
[3]	Al-Mazrawe A., and Al-Musawi B., 2024. Anomaly detection in cloud network: A review. In BIO Web of Conferences, EDP Sciences, 97, pp. 00019.
[4]	Mehmood M., Amin R., Muslam M.M.A., Xie J., and Aldabbas H., 2023. Privilege escalation attack detection and mitigation in cloud using machine learning. IEEE Access, 11, pp. 46561-46576.
[5]	Becerra-Suarez F.L., Fernández-Roman I., and Forero M.G., 2024. Improvement of distributed denial of service attack detection through machine learning and data processing. Mathematics, 12(9), 1294.
[6]	Kandhro I.A., Alanazi S.M., Ali F., Kehar A., Fatima K., Uddin M., and Karuppayah S., 2023. Detection of real-time malicious intrusions and attacks in IoT empowered cybersecurity infrastructures. IEEE Access, 11, pp. 9136-9148.
[7]	Sreeramulu M.D., Suganyadevi K., Neravetla A.R., and Mohammed A.S., 2024. Network intrusion detection in cloud computing environments. In 2024 IEEE 3rd World Conference on Applied Intelligence and Computing (AIC), pp. 1431-1437.
[8]	Bouzaachane K., Guarmah E.M.E., Alnajim A.M., and Khan S., 2025. Addressing modern cybersecurity challenges: A hybrid machine learning and deep learning approach for network intrusion detection. Computers, Materials & Continua, 84(2).
[9]	Gouda H.A., Ahmed M.A., and Roushdy M.I., 2024. Optimizing anomaly-based attack detection using classification machine learning. Neural Computing and Applications, 36(6), pp. 3239-3257.
[10]	Gu Z., Lopez D.T., Alrahis L., and Sinanoglu O., 2024. Always be pre-training: representation learning for network intrusion detection with GNNs. In 2024 25th International Symposium on Quality Electronic Design (ISQED), pp. 1-8.
[11]	Hakimi R., and Shalannanda W., 2025. A consensus-based feature selection and classifier benchmarking for network anomaly detection. Journal of Engineering and Scientific Research, 7(1), pp. 31-39.
[12]	Farhan M., Waheed Ud Din H., Ullah S., Hussain M.S., Khan M.A., Mazhar T., Khattak U.F., and Jaghdam I.H., 2025. Network-based intrusion detection using deep learning technique. Scientific Reports, 15(1), 25550.
[13]	Alzubi Q.M., Makhadmeh S.N., and Sanjalawe Y., 2025. Optimizing intrusion detection: advanced feature selection and machine learning techniques using the CSE-CIC-IDS2018 dataset. Journal of Advances in Information Technology, 16(3).
[14]	Ahmed U., Nazir M., Sarwar A., Ali T., Aggoune E.H.M., Shahzad T., and Khan M.A., 2025. Signature-based intrusion detection using machine learning and deep learning approaches empowered with fuzzy clustering. Scientific Reports, 15(1), 1726.
[15]	Ahmed H.A., Hameed A., and Bawany N.Z., 2022. Network intrusion detection using oversampling technique and machine learning algorithms. PeerJ Computer Science, 8, e820.
[16]	Abdelkhalek A., and Mashaly M., 2023. Addressing the class imbalance problem in network intrusion detection systems using data resampling and deep learning. Journal of Supercomputing, 79(10).
[17]	Vu L., Nguyen Q.U., Nguyen D.N., Hoang D.T., and Dutkiewicz E., 2022. Deep generative learning models for cloud intrusion detection systems. IEEE Transactions on Cybernetics, 53(1), pp. 565-577.
[18]	Yin B., Bu B., Gao B., and Li Q., 2022. A hybrid intrusion detection method using improved stacking ensemble algorithm and false positive elimination strategy for CBTC. In 2022 IEEE 25th International Conference on Intelligent Transportation Systems (ITSC), pp. 4253-4258.
[19]	Mhawi D.N., Aldallal A., and Hassan S., 2022. Advanced feature-selection-based hybrid ensemble learning algorithms for network intrusion detection systems. Symmetry, 14(7), 1461.
[20]	Manzoor S., Ahmad M., and Alhadawi H.S., 2022. Intrusion detection system using ensemble machine learning in cloud environment. In International Conference on Emerging Technologies and Intelligent Systems, pp. 513-522.
[21]	Reddy K.B., and Meera S., 2024. DDoS attack detection in cloud using ensemble model tuned with optimal hyperparameter. International Journal of Adaptive Control and Signal Processing, 38(5), pp. 1594-1620.
[22]	Bingu R., and Jothilakshmi S., 2023. Design of intrusion detection system using ensemble learning technique in cloud computing environment. International Journal of Advanced Computer Science and Applications, 14(5).
[23]	Bakro M., Kumar R.R., Alabrah A.A., Ashraf Z., Bisoy S.K., Parveen N., Khawatmi S., and Abdelsalam A., 2023. Efficient intrusion detection system in the cloud using fusion feature selection approaches and an ensemble classifier. Electronics, 12(11), 2427.
[24]	Wang C., Sun Y., Wang W., Liu H., and Wang B., 2023. Hybrid intrusion detection system based on combination of random forest and autoencoder. Symmetry, 15(3), 568.